SIMPLE TUTORIAL: **How to have secure rules on Firebase Realtime Database using Firebase Auth**

Hello guys!!!
Today I will show you how to have SECURE RULES in Firebase Database.

I saw a lot of discussions about this topic and I want to offer a clear and good tutorial about it (sorry for my English, but I'm Italian).
PS: I tried the method in this guide on Niotron and other app makers like Kodular; I guess it will work here on Kodular.

First step: UNDERSTAND THE MEANING OF THE BLOCKS

In the picture below you can see 3 red squares.

In the 0 SQUARE you can see the 2 components that I used to make this work:
the first is the integrated “Firebase Database” component,
and the second is the custom FirebaseAuth component that you can download here:
com.mirxtremapps.FirebaseAuth.aix (37.8 KB)
**1 SQUARE: you have to keep it free because we will use it tomorrow**
2 SQUARE: put in it the Firebase URL of your database, which you can find in your Firebase Realtime Database dashboard, like here

Second step: UNDERSTAND THE CODE
These blocks save some parameters in TinyDB for later use when a user logs in or signs up successfully, such as the USER FIREBASE ID TOKEN, which is different from the Local Id (user id).

In this block, when Screen1 initializes, it sets the FIREBASE ID TOKEN as the Firebase Realtime Database token that I mentioned before in the 1 SQUARE (you have to use this code because the FIREBASE ID TOKEN is different for every user).

Third step: UNDERSTAND FIREBASE RULES
Now I will show you my Firebase Realtime Database security rules:

In this image you can see the 2 buckets that I use (change the bucket names between the “” to your real Firebase Realtime Database buckets' names):
“companies_datas” and “user_posts”
My rules translated are:
Rules
Bucket named “companies_data”:
the user can read this bucket only if the FIREBASE ID TOKEN is present,
the user can write this bucket only if the FIREBASE ID TOKEN is present

Bucket named “user_posts”:
the user can read this bucket only if the FIREBASE ID TOKEN is present,
the user can write this bucket only if the FIREBASE ID TOKEN is present

Now, when you try to append or write a value in Firebase Realtime Database, the Firebase algorithm will compare auth.uid with the FIREBASE ID TOKEN that you inserted in SQUARE 1 in the photos before; if the token is null, Firebase will not permit you to write or read in your Firebase Realtime Database.
Otherwise, if your FIREBASE ID TOKEN is the same as auth.uid (in the Firebase rules photo), you will be able to write and read your database.

I hope I did well writing this tutorial. If you have any questions about this topic, write a comment, or give me a like to give everyone the opportunity to understand this topic.

Giacomo

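The rules from the third step written out as text, as an added example that is not the author's own rules from the photo. It assumes the condition in the photo is equivalent to `auth != null`, and for `user_posts` it goes one step beyond the tutorial by assuming posts are stored under `user_posts/<user id>`, so that only the owner can write them.

```json
{
  "rules": {
    // As in the translated rules above: any signed-in user may read and write.
    // Assumption: the photo's condition is equivalent to "auth != null".
    // "auth" is null when the request carries no valid Firebase ID token.
    "companies_data": {
      ".read": "auth != null",
      ".write": "auth != null"
    },
    "user_posts": {
      // Any signed-in user may read posts.
      ".read": "auth != null",
      // Tighter variant, not from the tutorial.
      // Assumed layout: user_posts/<user id>/<post data>.
      // auth.uid is the signed-in user's id, so only the owner
      // can write below their own user id.
      "$uid": {
        ".write": "auth != null && auth.uid === $uid"
      }
    }
  }
}
```

With `auth != null` alone, every signed-in user can read and overwrite every other user's data in that bucket, which is why the per-user check on `$uid` is worth adding wherever data belongs to one account.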